Published at LXer:
But it gets worse. Filippo Valsorda has shown that you didn't even need to crack Komodia's weak password to launch a man-in-the-middle attack, but its SSL validation is broken, such that even if Komodia's proxy client sees an invalid certificate, it just makes it valid. Seriously.
Read More...